Blogging Tools

Search all "Bits from Bill"

Saturday, March 17, 2007

Congress Tries Again to Define Spyware

I’ve made a number of trips to our nation’s capital to discuss the problem of Spyware. The FTC and all the politicians love to say that they’re going to do something to stop the madness but every time, the number one issue always comes down to “What Defines Spyware”.

The Webster definition is pretty simple.

Main Entry: spy·warePronunciation: 'spI-"werFunction: noun:software that is installed in a computer without the user's knowledge and transmits information about the user's computer activities over the Internet

The debate began again last week with focus on the H.R. 2929 “Securely Protect Yourself Against Cyber Trespass Act”. This bill was first introduced by Mary Bono in July of 2003. Personally, I think they should have called it the “… Cyber Terrorism Act” and perhaps it would get more attention.

Watch this week for a new improved bill to be introduced which would stiffen penalties for anyone convicted of installing software in a fraudulent manner. The Adware folks are already circling their wagons to fight any legislation. Their fear is the wrong wording or interpretation of an AntiSpyware bill would criminalize their business.

According to the Interactive Advertising Bureau, “there is always a risk that legislation that governs complicated technology could result in limiting and/or stifling innovation.” While the IAB may make some good points, they won’t be offering alternatives.

According to Dave Morgan, who was expected to testify on behalf of the IAB…

“In this case, Congressional involvement is good. While I am not a big fan of government intervention, the focus of Congress and folks like Rep. Bono and Rep. Barton on combating spyware has changed the game. Before their interest, spyware was a much bigger problem. Since they focused on the problem, it has largely disappeared.”

Excuse me? Spyware has largely disappeared? I can’t help but point out the first line of the IAB Mission is…

The IAB is the only association dedicated to helping online, Interactive broadcasting, email, wireless and Interactive television media companies increase their revenues.

Unfortunately, any responsible legislation will continue to hang on an accurate definition of what we consider Spyware. My opinion hasn’t changed much since I participated in the first FTC Spyware Workshop held in 2004. The FTC still has my official position on file and you can read it at http://www.ftc.gov/os/comments/spyware/040414billpstudios.pdf

This may be a good time to write to your representatives in Congress. You can click here to find out who they are and how you can contact them.

3 Comments:

A lot will depend on the definition of "without the user's knowledge". Spyware/malware vendors argue that if there is something in the EULA, even if buried in hundreds of lines of text, then they can assume they are acting with the user's knowledge.

There's an obvious problem with that dictionary definition: What about software which is installed with the user's knowledge, but then transmits information which most users wouldn't want divulged? This makes things much messier.

I think the existing bill is too bogged down in technological details, and too Web-oriented, particularly in its "Notice and Consent" requirement, which doesn't allow for plain old written consent, the preferred approach in many B2B situations.

spyware: software that is installed with or without thesysops consent that sends information that the sysop hasnot knowingly consented to having sent, or without theknowing consent of the sysop creates a database that doesnot improve the functioning of that program or creates adatabase that degrades the functioning of other programsand does so without a court order.

Note: The database part really needs work. As I have itan internet cache folder group is fine but the M$ IE 5 and6 file "*\Temporary Internet Files\Content.IE5\index.dat"is not and I think that the word "database" should perhapsbe "performs actions."

My firewall has my knowing consent to degrade my system'sfunctioning.

IIRC, I paid 9.95 for Scottie, and if he saves me again Iplain to pay again.Shawn T